Special Events

Capture the Flag 7.0derby

Contest runs from Friday 12pm to Sunday 12pm
Conference theater:

Friday: 12pm to 9pm
Saturday: 9am to 9pm
Sunday: 10am to 12pm
Oaklawn room available 24 hrs a day.
Come and test your skillz! Come and compete against other people in the industry!
Wireless SSID: DerbyCon-CTF

Password: DerbyCon-CTF

After connecting to CTF network, registration and rules located at https://scoreboard.ctf.derbycon.com
PRIZES: Black Badge, 2018 Conference Ticket, $350 cash, $100 Gift Card, & $50 Gift Card
BYOEPC – Bring your own ethernet patch cord
SPONSORED BY: In Guardians


SE Village: derby

Kentucky Suite (Oaks and Derby rooms)


  • 1400pm – SEVillage Opens
  • 1400 – 1430 opening comments / Open SECTF
  • 1430-1500 – Call 1 followed by 10 min Q&A
  • 1500-1530 – Call 2 followed by 10 min Q&A
  • 1530-1600 – Call 3 followed by 10 min Q&A
  • 1600-1630 – Call 4 followed by 10 min Q&A
  • 1630-1700 – Call 5 followed by 10 min Q&A
  • 1700-1730 – Call 6 followed by 10 min Q&A
  • 1800-1930 – SEPanel – “Women In Tech”
Guests: Carol Suchit, April Wright, Lesley Carhart, Chris Hadnagy

Moderator: Babak Javadi


  • 0900 – SEVIllage Opens
  • 0900-0930 – opening comments
  • 0930-1300 – Can You Fool The Polygraph?
  • Short lunch break
  • 1400-1700 – Mission SE Impossible
  • 1800-1930 – SEPanel – “Ethics in SE”
Guests: Grifter, Jayson Street, Jamison Scheeres, Chris Hadnagy
Moderator: Babak Javadi


SEVillage at DerbyCon:
This is the first official year of a full on SEVillage at DerbyCon! SEVillage will be all things Social Engineering and human hacking for DerbyCon. It will contain the SECTF, MSI, The SEPoly Challenge and 2 exclusive SEPanels.


SECTF At DerbyCon:
For the first time ever, the Social-Engineer crew is bringing the SCTF (Social Engineering Capture the Flag) to another conference. This flagship event will involve you the audience watching live calls to target companies. For weeks the contestants have been digging into these companies and now, we will get to see the fruits of their hard work with live calls. Join us for the first year ever at DerbyCon 7.0! The winner will be granted a FREE pass for next years DerbyCon and a Free SE Challenge Coin and a very special custom made award!

Can you Fool The Polygraph?:
This is an original contest made just for DerbyCon.  The Social-Engineer crew hires a world renowned Polygrapher to come to Derby and give LIVE, PUBLIC Polygraphs.  You will be asked a series of questions, some of which are super embarrassing, and the goal is to tell the truth (or not) but to never let the Polygraph Machine or Polygraph Operator catch you! Want to see if you have the skill?  If you do, the winner will be granted a FREE pass for next years DerbyCon and a Free SE Challenge Coin.

Mission SE Impossible (MSI):
“Mission SE Impossible” (MSI) has been revamped, improved and Derby-ized.  Can you escape handcuffs? Pick Locks? Traverse Lasers? Read facial expressions? All with a crowd watching, Chris breathing on you and the stress of a timer?  Find out by taking part in MSI at DerbyCon. The winner will be granted a FREE pass for next years DerbyCon and a Free SE Challenge Coin.

For more details check out social-engineer.org/sevillage-derby-con/


Aqueduct room, Friday 1o57 am Start Time with 24hr access
Aqueduct room will used by Ham Radio on Saturday 1:00 PM to 3:00 PM.
Curious?  Introspective? Having thoughts such as
do I envy a lick war?
Who wins, your lazy self, or the hidden hacker within?
Rise to vote, sir!
A little hint to motivate-
Keyword: CivilNaa

SoHopelessly Brokenderby

Belmont room
Friday: 11am – 7pm
Saturday: 11am – 7pm
SOHOpelessly Broken, presented by Independent Security Evaluators (ISE), is back at DerbyCon for our fourth year! We have expanded the contest to not only include SOHO routers, but other types of IoT devices such as network storage systems, cameras, and IP enabled toys!
  • Track 1: One of last year’s Black Badge contests is back! Players compete against one another by exploiting off-the-shelf IoT devices. These 15+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can over the weekend and the top three teams will be rewarded.
  • Track 2:  Hack shop area for people to actively hack and collaborate on selected devices.
  • Track 3: A variety of workshops and talks will be delivered throughout the weekend.

Lockpick Villagederby

Gulfstream & Hialeah rooms
Friday and Saturday: 10am to 7pm 
Sunday: 10am to 2pm 
It’s lucky 7’s in the DerbyCon lockpicking village! This year we have Lock Picking Pachinko: pick locks to retrieve pachinko balls, play pachinko machines, then cash out your balls for prizes! We have plenty of other games and locks for all skill levels including the “Rumble Challenge” multi-round competition. Picking, bumping, high security locks, more games, and other surprises are waiting for you in the lockpicking village! Awesome schwag will be awarded for top places in all competitions. Come to learn, stay to compete!

Car Hacking Villagederby

Gulfstream & Hialeah rooms
Friday and Saturday: 10am to 7pm 
Sunday: 10am to 2pm

The Car Hacking Village is a Hand-On environment for understanding how vehicle systems work. Come join our village to sit down and play with vehicle controllers and understand how to get started in vehicle hacking.  If we can, we will also be selling our Car Hacking Village badges which are programmable vehicle interfaces that look really classy.  Join us to learn more about our upcoming Car Hacking CTF.

Hardware Hacking Villagederby

Gulfstream & Hialeah rooms
Friday and Saturday: 10am to 7pm 
Sunday: 10am to 2pm

LVL1, Louisville’s first Hackerspace, will be hosting a hardware hacking village complete with devious and useful kits to solder together (no experience required! Through-hole and surface-mount kits available or bring your own), a 3D printer, and a showcase of projects. Need some bling for the party? We’ll have bright LED kits from Mr Blinky Bling to solder together, too. Interested in the low-level stuff? Stop by the hardware hacking village to hack together something of your own, chat with other hardware hackers, and check out some cool stuff. Interested in learning more about the LVL1 hackerspace? Visit http://www.lvl1.org

Hack Your Derby: derby

Judging 6pm @ top of escalators
Winners announced @ closing ceremony
Hack Your Derby is a contest held annually at the DerbyCon hacker convention in Louisville, Kentucky.  It is simple and straightforward: turn a derby hat — already a fine piece of functional fashion — into something more.  Exactly how much more is up to you.  Feel free to express your hacker spirit in the vein of technological or aesthetic development.  There are points awarded by the judges in each of those categories, as well as accolades for overall originality.
You may either work on your derby creation before the conference or compete using exclusively what you can source in and around the con hotel during DerbyCon itself.  Overall, however, the themes of “make something new, make something epic, make something awesome” are the order of the day.  There will be multiple winners in a variety of categories!
All submissions must be displayed to the judges at 6 PM on Saturday at the top of the escalators and scoring will be totaled and finalized by Closing Ceremonies on Sunday.
For more information and full detail of the rules and categories, check hackyourderby.com
Follow @hackyourderby for updates and to see amazing footage of the submissions!

Ham Radio Exams derby

Aquaduct room
1-3 Saturday, Retests 1-3 Sunday

Amateur Radio (ham radio) is a popular hobby and service that brings people, electronics and communication together. People use ham radio to talk across town, around the world, or even into space, all without the Internet or cell phones. It’s fun, social, educational, and can be a lifeline during times of need.

DerbyCon 7, will be host a ham radio licensing exam! The cost is $15 (cash or check only). Check out the ARRL website for information on what to bring to the exam, as well as exam question pools, free study resources, and other FAQ.

No pre-registration is required.

Hack the Hat v7 – Cycle OverRide’s annual DerbyCon bicycle adventure derby

Saturday 7:30am Lobby
Cycle OverRide will once again host an early morning ride to take place Saturday morning at 7:30 AM.  We will meet in Hyatt Louisville lobby and ride out from there.  This is a relatively flat, no drop ride – so riders of all skill can join us.  Must have a bike to participate.  No bike? Feel free to get up early and wave us off.  No? It’s ok, we know that’s a crazy idea.  Who wants to get up early just to wave?  What if we told you there’d be free doughnuts?  That’s right – a free doughnut to the first 12 people who come cheer us on as we ride out the door.  You know you want the doughnut.

Crack Me If You Can (CMIYC) Challenge derby

Friday 9am to Sunday 11am (EST)
The annual password cracking contest “Crack Me If You Can” returns in 2017 with a visit to DerbyCon! CMIYC is the premier annual password cracking contest usually run at DEFCON.  Compete online in a 50 hour password cracking contest against the best password crackers in the world.  KoreLogic has changed the rules this year, and this year’s challenge is less of a point-war, and more of a string of challenges with the goal being the first time to the end, wins! The contest will be online “forever” so you can play along at a later time, to see how long it takes you to finish. You think you can beat Team Hashcat’s time? What about the John the Ripper people? See how you stack up against InsidePro. And please dont forget the team Cynosure Prime! All worthy adversaries. Spend 50 hours of your CON behind a wall of GTX 1080s.

Résumé and Interview Clinic derby

Churchill Downs room
Friday 10:00am to 2:00pm
Thinking about a career change in infosec? It’s a good idea to always have a solid résumé ready for unforeseen windfalls (or temporary setbacks). Our volunteer reviewers have decades of combined experience interviewing and vetting IT candidates, and we’re ready to put our experiences to work, for you. Résumé reviews or mock interviews (focusing on either soft or technical skills!) will be arranged on a walk-in basis. Please bring a paper copy of your current résumé or your own laptop with a digital copy. Hiring? Feel free to drop off cards or paper postings.

Scavenger Hunt derby

Come experience the weird and exhilarating side of DerbyCon 7.0 with the Curious Codes Scavenger Hunt Games, specially designed for those of us who want to do and experience all the things, not just some. If you can’t decide whether to see a talk, do a contest, be a beautiful social butterfly, or take this time away from the office to let your true wild colors shine, then just do them all and get points for it! Scavenger Hunt is the only contest that can be won by entrancing the judges with your hilarious capers, so be sure to follow us on Twitter for more information @Curious_Codes

DerbyCon Jeopardy #3.14 (Oh, Hell Yeah, It Is!) derby

Keeneland room

Friday 8pm

(One Night Only! Arrive Early. Limited Seating. Beer Bribery, OK.)

You know the game. You get publicly humiliated for saying stupid shit while chugging beers for a lousy 100 points a bottle! And the host and audience have all the fun. You know we will taunt you, abuse you and confuse you, for our merriment, of course.
Still Want to Play?  2 – Games. Winners Get Hall Pass to Play Hacker Jeopardy at DefCon: No Qualifications Round!
Submit your Team, up to 3 players each. Pick a name. Tell us why you think you’re all that. Mobile contact info (private only). Oh! Yeah. Diversity counts!
Send your Team Submissions (and bribes) to Winn@SecurityExperts.Com
Teams will be picked live at DerbyCon Jeopardy. So, that means, remember to Be There. (Oh, the abuse has already begun…)

Whose Slide Is It Anyway? derby

Keeneland room
Saturday 8pm
The What:
“Whose Slide Is It Anyway?” is an unholy union of improv comedy, hacking and slide deck sado-masochism.
The How:
Our team of slide monkeys will create 20 short decks on whatever nonsense tickles our fancy that week. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a 5-10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.
The Why:
Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.